Score:0

Ansible synchronize module permissions failing


I wish to synchronize letsencrypt credentials from host S to Host D using an ansible task running on host H.

My current task looks like this:

```yaml
- name: Synchronize local letsencrypt directory
  ansible.posix.synchronize:
    src: /etc/letsencrypt
    dest: /etc/letsencrypt
    archive: true
    checksum: true
    delete: true
    recursive: true
    become_user: myuserid
    rsync_path: "sudo rsync"
  become: true
  delegate_to: S
```

On host S:

```
drwxr-xr-x. 9 root root 4096 Jul 10 01:15 /etc/letsencrypt
```

On host D:

```
drwxr-xr-x. 2 root root 6 Apr  8 07:58 /etc/letsencrypt
```

The error message I am getting is:

```
TASK [sync_certs - rsync from certificate master host to certificate slave host] ******************************************
fatal: [D]: UNREACHABLE! => {"changed": false, "msg": "Invalid/incorrect password: Permission denied, please try again.", "unreachable": true}
```

Since root login is prohibited on all hosts, the task runs as an ordinary user with sudo permissions to execute "bash". This is the situation on all hosts.

Any help would be greatly appreciated.

PS: The following bash script runs successfully. Unfortunately, it asks for a password for myuserid.

```bash
sudo /usr/bin/rsync --rsync-path="sudo rsync" --acls --archive --checksum --delete --links --numeric-ids --recursive --stats --times --verbose  /etc/letsencrypt [email protected]::letsencrypt
```
Score:0

Can you log in via ssh as the user “myuserid”? I think the key to the problem is the key sharing between hosts S and D. Check how you run the playbook and add the flags -umyuserid -k

dubby:
I can successfully ssh to "myuserid" without having to supply a password. I use ssh-rsa keys to accomplish this.
dubby:
When I run the playbook with -u myuserid -k, I get the same error as shown in my original question.
tilleyc:
Have you tried specifying the ssh key to use explicitly with the `--private-key` flag?
Score:0

You are trying to connect to the remote host "S" as a user which is not set up for ansible to use, or does not exist, thus ansible cannot ssh to the host and authenticate. You need to specify the correct remote_user to connect to that host.

Further, your task is doing something bizarre: You have asked for it to sudo to myuserid instead of root, and then run sudo rsync again to actually run the rsync process. There's no need for any of this; just let it sudo to root as it normally would.

dubby:
Michael, I removed the "become_user" and added a "remote_user: myuserid". I get the same error as shown in my original question.
Michael Hampton:
@dubby Are you 100% sure you have supplied the correct credentials for that user to ssh to that system? Check the logs on that system to find out what may have gone wrong.
dubby:
Michael, There is nothing in the systemd journal that indicates any sort of problem. I have the userid and password for the ansible login and root in /etc/rsyncd.secrets. Question: Should the password in that file be plain text or should it be hashed? I am using plain text. I can't seem to locate any docs that indicate if it s/b hashed or not.
dubby:
Michael, I reran the task with -vvvvv and captured the output. Unfortunately, it's >740 lines. If I figure out how to use pastebin would you be able to interpret the failed login?
Michael Hampton:
@dubby You don't use ssh keys?!
dubby:
I do use ssh keys from a shell script version of rsync and it works fine. I'm assuming that ansible uses ssh to communicate between hosts. All my other playbooks connect and execute on these same hosts just fine.
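
The answers above point at three separate hops: H logging in to S, S reaching D over ssh (with `delegate_to: S`, rsync is started on S), and sudo running rsync on D. The play below is an added example, not code from the thread, that checks each hop on its own so the failing one is identified; it assumes D's inventory name also resolves from S and that the play-level `remote_user` is the login used on both hosts.

```yaml
# Added example, not from the thread. S, D and myuserid are the asker's names.
# Assumption: D's inventory name also resolves from S.
- name: Check each hop the synchronize task depends on
  hosts: D
  remote_user: myuserid
  gather_facts: false
  tasks:
    # Fails as UNREACHABLE if the control host cannot authenticate to S.
    - name: Hop 1 - control host H can log in to S
      ansible.builtin.ping:
      delegate_to: S

    # BatchMode=yes makes ssh fail instead of prompting, so a missing key
    # or an unknown host key on S shows up as a task error with ssh's message.
    - name: Hop 2 - S can ssh to D with a key, never a password prompt
      ansible.builtin.command:
        argv:
          - ssh
          - -o
          - BatchMode=yes
          - "myuserid@{{ inventory_hostname }}"
          - "true"
      delegate_to: S
      changed_when: false

    # sudo -n exits non-zero rather than asking for a password, which is
    # what rsync_path "sudo rsync" needs on the receiving side.
    - name: Hop 3 - sudo on D runs rsync without asking for a password
      ansible.builtin.command:
        argv: [sudo, -n, rsync, --version]
      changed_when: false
```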